OPERATIONAL DEFECT DATABASE
...
...
[FMC] Alerts related to the failure to download the URL filtering database have been seen on the FMC (going back at least to 22 July 2019). [FMC and FDM] Inaccurate categorization of URLs during traffic inspection. No new URL DB on the Firepower managed device after 15 July 2019. Higher-than-usual bandwidth use on the management network where the Firepower management platform resides.
The URL filtering feature license is actively in use on at least one device managed by the FMC, or has been enabled in FDM. URL filtering has been enabled, and automatic updates of the URL filtering database have also been enabled.
[FMC] 1. Log into the CLI of the Firepower Management Center. 2. Execute the following command to delete the URL filtering database files (when prompted, enter the password for the logged-in user): $ sudo rm /var/sf/cloud_download/*bcdb* 3. In the web UI of the FMC, navigate to (System > Integration > Cisco CSI). 4. In the "URL Filtering" section, click "Update Now" to perform an on-demand download of the URL filtering database. ----- [FDM] 1. Log into the CLI of the Firepower Threat Defense firewall. 2. Enter "expert" mode: > expert 3. Execute the following command to delete the URL filtering database files (when prompted, enter the password for the logged-in user): $ sudo rm /ngfw/var/sf/cloud_download/*bcdb* 4. In the Firepower Device Manager (FDM) web UI, navigate to "URL Filtering Preferences" (from the main "Device" page, under "System Preferences" and then "Traffic Settings"). 5. Uncheck "Enable Automatic Updates" and then save settings. Then, check "Enable Automatic Updates" and then save settings again. This will perform an on-demand download of the URL filtering database.
Affected Platforms: Platforms running Firepower Management Center version 6.2.2-6.4.0.3 with pre-existing URL Filtering configurations. Symptom: When the number of digits in the URL filtering database minor version changes (for example, moving from version 6.9 to 6.10 or moving from version 6.99 to 6.100), a bug in the cleanup routine for older URL filtering databases on the FMC causes the newer database to be deleted immediately after it is downloaded and before it is ever used, leaving the older database in place. This triggers a download of the same database again since the version on the device still doesn't match the version from the cloud update server. The new database is then deleted again immediately after download due to the same bug and the process repeats. The repeated downloads occur approximately every 15 minutes and can cause bandwidth issues with the update server and possibly client sites. Note: URL filtering functionality is not affected by this issue. Conditions: This only affects systems in which URL filtering was enabled before the database minor number version change. Impact: URL Filtering proceeds with the out-of-date database.
Cisco Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
